<?php

require_once("inc/dbConnection.php");
require_once("inc/properties.php");

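// Login handler: checks the posted credentials against the accounts table,
// populates the session on success and redirects to the landing page that
// matches the account's permission level.
//
// NOTE(review): the password is compared inside the SQL statement exactly as
// submitted, which suggests the accounts table stores it unhashed. Confirm,
// and plan a migration to password_hash() / password_verify().
// NOTE(review): the mysql_* functions used here were removed in PHP 7. Moving
// to prepared statements (PDO or mysqli) depends on the Dbo class, which is
// not visible from this file.
if (
    isset($_POST['login'], $_POST['password'])
    && is_string($_POST['login'])
    && is_string($_POST['password'])
) {

    // Non-string values (e.g. login[]=x) are rejected above: the escaping
    // function would otherwise emit a warning and return NULL.
    $db = new Dbo();

    // Presumably Dbo opens the MySQL link that mysql_real_escape_string()
    // relies on; verify in inc/dbConnection.php.
    $login = mysql_real_escape_string($_POST['login']);
    $pass = mysql_real_escape_string($_POST['password']);

    // Both values are escaped and wrapped in single quotes. Escaping is only
    // reliable when the connection character set is configured correctly.
    $sql = "SELECT * FROM accounts WHERE email = '" . $login . "' AND password = '" . $pass . "'";

    $result = $db->runQuery($sql);

    if ($result && mysql_num_rows($result)) {

        $row = mysql_fetch_array($result, MYSQL_ASSOC);

        // Start the session and issue a fresh session id at the privilege
        // change, so an id that existed before authentication is not carried
        // into the logged-in state (session fixation).
        session_start();
        session_regenerate_id(true);

        $_SESSION['account'] = $row['account_id'];
        $_SESSION['permission'] = $row['permission'];
        $_SESSION['firstname'] = $row['firstname'];
        $_SESSION['lastname'] = $row['lastname'];
        $_SESSION['email'] = $row['email'];

        // Build the redirect target.
        // NOTE(review): HTTP_HOST comes from the request's Host header, so the
        // redirect target is client-influenced. Prefer a canonical host
        // configured next to PROTOCOL and SERVER_PATH in inc/properties.php.
        $location = PROTOCOL . $_SERVER["HTTP_HOST"] . SERVER_PATH . "/";

        switch ($_SESSION['permission']) {

            case 1:
                $location .= "student.php";
                break;
            case 2:
                $location .= "tutor.php";
                break;
            case 3:
                $location .= "admin.php";
                break;
            default:
                // Unknown permission level: fall back to the site root.
                break;
        }

        // No output may precede header(): the debug var_dump() that used to sit
        // here wrote to the response body first, which prevents the Location
        // header from being sent unless output buffering is enabled.
        header("Location: " . $location);
        // Stop here so nothing else runs or is emitted after the redirect.
        exit;

    }

}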
    
?>